Mobile data communication using biometric encryption

ABSTRACT

A mobile App using biometric encryption and decryption for privacy and security having both authentication and recognition functions. It utilizes the built-in camera of the mobile device to provide facial images for authentication purposes. It further includes a secured data communication system for conveniently sending and receiving data on the mobile devices. The secured data communication system also utilizes biometric encryption and decryption technology for granting permissions to access the data communication system. The biometric encryption is implemented by using a selective biometric feature and optimized biometric feature detection and tracking methods. Different biometric feature authentication methods are optimized for use on various mobile platforms, such as, Android, iOS, Windows and others. Data encryption and decryption are achieved by using selected biometric feature vectors as cryptographic keys. The biometric data encryption system further includes liveness detection module with anti-spoofing features to ensure the encryption and decryption processes only accept biometric features from a live person conveniently without the user&#39;s intervention. Alternative authentication method is provided if the biometric feature authentication module fails to recognize the valid user, or fails in the liveness detection module in order to maintain privacy and security of the data in the mobile device.

CROSS-REFERENCE TO RELATED APPLICATION

This application claims the benefit of U.S. Provisional Application No.62/058,283, filed Oct. 1, 2014.

FIELD OF THE INVENTION

Network security breaches and identity thefts are common topics in thenews nowadays. Despite the billions of dollars invested in IT securitytechnology each year, countless corporations, enterprises and governmentagencies have fallen victim to cyber-attacks of incrediblesophistication and complexity. Private citizens and consumers usingcomputers and mobile devices are also not immune to such vulnerability.In particular, mobile devices, such as, smartphones and tablets are verypersonal communication devices. Millions of people share and store theirpersonal information, such as, photos, bank accounts, financial data ande-mail/SMS messages, using their mobile devices. As a result, suchpersonal information is potentially vulnerable to unauthorized access byhackers. Such incidents always lead to inconvenience and potentialfinancial losses. Evidently, there is an imminent need for protectingthe privacy of mobile device users and the data security of their mobiledevices.

One objective of the present invention is to meet the convenience,privacy and security challenges of users by providing them a mobiledevice with a secured data communication.

Another objective of the present invention is to offer an enhanced andsecured data communication protection, e.g. utilizing biometricencryption for data exchanges including streaming, emails and messaging.

Another objective of the present invention is to develop an e-mail/SMSmessaging and other communication services utilizing various biometricpatterns, such as, iris, speech, facial, fingerprint, and heartbeat,etc.

Another objective of the present invention is to develop a convenientand secured program, which is utilized as a covered layer protection forother software program.

Another objective of the invention is to develop a highly sophisticatedsecure communication software program tailored for corporation,enterprise and government use.

Yet another objective of the present invention is to develop a secureddata communication application (App) to be released in, such as, GooglePlay, Apple App Store, Windows Apps Store and Amazon Appstore.

BACKGROUND OF THE INVENTION

Mobile devices have made a revolutionary impact on the way we live, workand socialize. The development of applications or Apps on mobile deviceshas been increasing exponentially over the past few years due to thepopularity of smartphones and tablets. The features and functions ofmobile devices have extended far beyond just emailing and web browsing.They are often used to take/post photos and videos, texting, audio andvideo calls, group chatting, access social media, access financialaccounts, play games, stream music and movies, and run various customapplications. Along with their great convenience and efficiency, thereare growing security challenges in protecting the privacy of the usersand the sensitive data stored in these mobile devices.

There are two types of encryption: symmetric and asymmetric. 1).Symmetric encryption, such as, Advanced Encryption Standard (AES), usesthe same key for encryption and decryption. 2). RSA (by Ron Rivest, AdiShamir, and Leonard Adleman) asymmetric encryption, uses different keys,both public and private. Encryption is a process of protecting dataconfidentiality by converting the data into an unreadable format, usingan encryption key. Conversely, decryption is the reverse process ofencryption to uncover the encrypted data, using a decryption key,possibly different from the encryption key. The cryptographic keys areusually long and random, not practical for human to memorize. Forexample, the Advanced Encryption Standard (AES) key is 128 bits long, inaccordance with federal information processing standards publication197, National Institute of Standards and Technology (NIST), 2001. Suchcryptographic keys are usually stored in a location, where analternative authentication, e.g., a PIN or a password is required torelease the key, in order to avoid the risk of losing or forgetting thecryptographic key.

Biometric patterns including human physiological or behavioralcharacteristics can be used to authenticate mobile device users. Thesepatterns usually include biometrics, such as, face, fingerprint, iris,signature, and voice, among many others. They are either permanent orunchangeable for a long period of time. In the past, the use of suchbiometrics has been focusing on authentication of PC and network access,physical assess, time and attendance applications. They are often usedin conjunction with other security technologies, such as authenticationtokens and smart cards.

One solution is to use the emerging biometric encryption technology,which uses biometric information as the cryptographic keys. Withbiometric encryption, rather than storing the cryptographic keys in thesystem, the biometric information is serving as the cryptographic keysto encrypt the data, or binding the keys to the biometric information,so that only the biometric-encrypted data is stored. Among the existingworks associated with biometric encryption, the major efforts arefocusing on two biometric modalities, iris and fingerprints according tothe papers written by Clancy R. C., Kiyavash N., and Lin D. J., “SecureSmart Card based Fingerprint Authentication,” Proceedings of ACM SIGMMWorkshop on Biometrics Methods and Applications, pp. 45-52, 2003; UludagU., Pankanti S., and Jain A., “Fuzzy Vault for Fingerprints,”Proceedings of International Conference on Audio and Video basedBiometric Person Auth., pp. 310-319, 2005; and Yang S., and Verbauwhede,I., “Secure Fuzzy Vault based Fingerprint Verification System,”Proceedings of ASILOMAR Conference on Sig., Sys., and Comp., Vol. 1, pp.577-581, November 2004.

Other papers on biometric encryption include, Hao F., Anderson R., andDaugman J., “Combining Crypto with Biometric Effectively,” IEEE Trans.on Computers, vol. 55, no. 9, pp. 1081-1088, 2006; Wu X., Qi N., andWang K., Zhang D., “A Novel Cryptosystem based on Iris key Generation,”2008 IEEE Computer Society. Fourth international conference on naturalcomputation; and Kanade S., Camara D., Krichen E., Petrovska-DelacretzD., and Dorizzi B., “Three Factor Scheme for Biometrics basedCryptographic Key Regeneration using Iris” Telecom & Management SudParisEvry, France.

There are also several works on biometric encryption using facial imagesby Wang Y., and Plataniotis K. N., “Fuzzy Vault for Face basedCryptographic Key Generation,” in Proc. Biometrics Symposium 2007,September 2007; and Martin K., Lu H., Bui F., Plataniotis K. N., andHatzinakos D., “A Biometric Encryption System for the Self-exclusionScenario of Face Recognition,” IEEE Systems Journal, 2009.

While the above works are focused on modifying or improving thealgorithms of encryption, one of the objectives of the present inventionis focused on developing an App for secure mobile device datacommunication by utilizing such biometric encryption. With such an App,only the recipient of the data will be able to access the content uponone or more successful biometric feature authentication with theintegral biometric detector of the mobile device.

Table 1 below shows the various mobile device, e.g. smartphone,operation system markets for the last two years in accordance toGartner, Inc., a leading information technology research and advisorycompany.

As can be seen from the table, the Android market share reaches as highas 78.4% in year 2013, gaining a 12% growth as compared to year 2012,way ahead of other markets. The sales of Android phones will predict toapproach one billion units in the year 2014, and the Android operatingsystem will continue to benefit from this growth.

TABLE 1 Worldwide Smartphone Sales to End Users by Operating SystemsOperating 2013 Units 2013 Market 2012 Units 2012 Market System(Thousands) Share (%) (Thousands) Share (%) Android 758,719.9 78.4451,621.0 66.4 iOS 150,785.9 15.6 130,133.2 19.1 Windows 30,842.9 3.216,940.7 2.5 BlackBerry 18,605.9 1.9 34,210.3 5.0 Other OS 8,821.2 0.947,203.0 6.9 Total 967,775.8 100.0 680,108.2 100.0

Messaging Apps, such as, WhatsApp, WeChat, Line, Facebook messenger,Tango, and Skype, etc., are very popular mobile Apps for communication.These Apps share similar basic functions, one-to-one chatting, groupchatting, sending or sharing files, and video chatting, etc. However,many of these Apps do not utilize any encryption for data protection,not to mention biometric encryption. They are usually installed on thedevice without any protection. As a result, once an unauthorized usergains access to the device, he/she will gain access to these popularmobile Apps without any effort.

SUMMARY OF THE INVENTION

One of the objectives of the present invention is to develop a mobileApp that will be distinguished from existing popular Apps on the marketby providing users with a secure data exchange mobile App, includingtexting, emails, images, and videos, as specified in the aforementionedobjectives. Specifically, the present invention provides a secure meansto protect data sent and received by mobile devices, using biometricencryption, e.g. fingerprints, voice, iris, and facial features.Nowadays, almost all mobile devices have at least one built-in camera,and some even have a biometric detector or sensor built-in. As such, theuser's facial image or other biometric feature, such as, fingerprint,iris, voice, etc., is readily available for authentication purposes.Further, the present invention will provide data encryption anddecryption on mobile devices using biometric features, e.g. facialimages. When data is sent to a particular person, it will be encryptedusing one or more of the recipient's biometric features as thecryptographic key. Upon receiving such encrypted data, the recipient candecrypt the data, for example, using his/her face pattern by placing themobile device in front of the face. This could further protect userprivacy and data security even though other users may somehow gainaccess to the recipient's mobile device. Furthermore, in order to copewith system vulnerability in spoof attack and to enhance robustness, abiometric liveness detection method is used to ensure the biometricfeature received are coming from a live person.

The present invention addresses a number of privacy and data securityissues. These issues are raised from the fact that most of the datastored in the phone, including email, contacts, social networkingaccounts, and identities are readily available to anyone who has accessto the mobile device. Occasionally, the mobile device may be sharedamong multiple users, therefore, ensuring one user not be able to accessother user's data is very important. The present invention provides asafeguard from losing valuable data and access of the mobile device bypreventing the data access of the mobile device when the biometricliveness detector detects the user of the mobile device is not a realperson or not the intended user. The present invention also prevents thepotential risk of losing sensitive data or unauthorized access when themobile device is lost, stolen or being hacked in public Wi-Fi hotspotlocations, such as, coffee shops and airport lounges. Depending on thebuilt-in biometric detector functions of the mobile device, otherbiometric features, such as, voice or iris patterns can be alsoincorporated into such encryption mobile App. Further, the presentinvention can be operated in any mobile platforms or operation systems,such as, those discussed in Table 1 above.

BRIEF DESCRIPTION OF THE DRAWINGS

Features, aspects, and embodiments are described in conjunction with theattached drawings, in which:

FIG. 1 is an example of the secured messaging process in accordance withthe present invention;

FIG. 2 is an example of the message encryption and decryption processusing facial images;

FIG. 3 is an example of the facial detection and tracking method used inthe present invention.

DETAILED DESCRIPTION OF THE INVENTION

The popularity of mobile devices, such as, smartphones and tablets givesrise to many issues that must be addressed for privacy and datasecurity. Some examples are:

-   -   1) How to protect the personal and corporate data stored in the        mobile devices, such as, emails, contacts, calendar, photos,        audio and video files;    -   2) How to protect personal activities on the mobile device when        it is shared with multiple users, ensuring one user cannot        access other user's sensitive data and/or unauthorized access;    -   3) How to protect the mobile device if it is lost or stolen,        preventing the potential loss; and    -   4) How to protect the mobile device from crackers/hackers when        used in public Wi-Fi locations.

Using password for locking and preventing access to mobile devices iswell known. However, password can be forgotten and can be cracked bysophisticated hackers. Once the password is cracked, one can easilyaccess all the data in the mobile device. In order to overcome that,using data encryption is a much more secured alternative to combat therisk of unauthorized access of mobile devices. The common encryptionprocess involves converting data into “ciphertext” with an encryptionkey using mathematical algorithm. In order to gain access to theencrypted data, users are required to use their own unique credentials,known as decryption key, to decrypt the “ciphertext”. Provided thedecryption key stays safe, it is virtually impossible for others toaccess or decrypt the encrypted data.

Biometric encryption is a process that generates a cryptographic keyfrom biometric data or binds a cryptographic key to biometric data, sothat neither the cryptographic key nor the biometric data needs to bestored. The decryption process requires a successful authentication of agenuine live biometric sample.

The present invention provides access to data on mobile devices, usingbiometric encryption. For example, with the built-in camera or otherbiometric detector on the mobile device, the user's facial image isreadily available, which make the authentication process veryconvenient. In this particular example, data exchange are encryptedusing the live facial image of the mobile device as the encryption key.The decryption process requires a successful facial authentication ofthe recipient, by presenting his/her face in front of the camera of themobile device.

One aspect of the present invention is to develop a mobile App utilizingan optimized facial authentication method that is suitable for mobileplatform in spite of the restricted computation power of most mobiledevices. The facial authentication in this mobile App requires onlysimple yet accurate computation method to extract facial features in avery compact representation. It utilizes facial features provided on amobile platform for data encryption and decryption, including a facialimage liveness detection scheme to detect spoofing for preventingunauthorized access.

Another aspect of the present invention is to develop a mobile App whichincludes a secure messaging application using the biometric encryptionfeatures described above. As a result, the mobile App of the presentinvention will have a dual function of authentication in granting mobiledevice access to valid users, and to grant permission to read and sendmessages, access the contacts, and other selected functions orapplications in the mobile device. The state-of-the-art method forfacial detection is relatively mature. One such method is to useHaar-like features with Adaboost learning and cascade classification forface detection. This method has proven to be able to generate very fastand accurate results in accordance to the papers written by Viola P. A.,and Jones M. J., “Robust Real-Time Face Detection,” ICCV 2001: 747. ForAndroid platform, the OpenCV library for Android SDK provides a basicfunction for facial detection using the above method. Accordingly, thepresent invention will adapt this method for facial detection indeveloping the App for the Android platform. Specifically, this methodwill be customized in the present invention to detect selected featureson the face, such as, locating the areas of eyes, nose and mouth.

The present invention also includes a face tracking module to facilitatethe face liveness detection in the subsequent facial detection steps.Face tracking is initiated by the facial detection results, whichinclude the location of the face, eyes, nose and mouth. Specifictemplate matching methods are selected for face tracking Since it isknown that tracking two consecutive frames of a video stream is highlyrelevant, the location of the face on the current frame will bedetermined by the best matched positions between the current frame andthe previous frame. The template matching is performed by a distancemeasurement of corresponding pixels of the two consecutive frames. FIG.3 shows some preliminary results of the face detection and trackingsoftware implemented on the Android platform.

Facial recognition and facial authentication have subtle differences interms of system settings. Facial recognition, also calledidentification, is to perform one-to-many comparison of an input facialimage with a facial image template database. On the other hand, facialauthentication, also called verification, is to perform one-to-one matchthat only compares the input facial image with the one that the userclaims to be. In the present invention, facial authentication scheme isused since only the authorized user is allowed to access the data in themobile device. One of the major problems of facial authentication isfinding a proper method to convert the original facial images into acompact representation of the face, which is also known as face featureextraction.

Since the computation capability of a mobile device is limited, findinga facial authentication method that is computationally efficient whilemaintaining good performance accuracy is a challenge. A performancecomparison of multiple methods shows that the Local Binary Pattern (LBP)method and its several modifications rank very high in the performanceevaluation. More importantly, the LBP features of images are veryefficient in computation, and also robust against illumination changes,resulting in a good candidate for mobile device application. Further,the LBP is a simple yet efficient texture operator which labels thepixels of an image by initiating the neighborhood of each pixel andconsiders the result as a binary number. When this method is applied toface feature extraction, it divides the image into blocks and computeseach block using the operator to obtain a histogram representation ofthe face.

The OpenCV library provides the source code of the LBP method for facerecognition. The LBP method can be customized and optimized based on theimage data in the application, and the particular application platform.Accordingly, the present invention will implement and optimize thismethod for the facial authentication module on the Android platform.

As mentioned above, one key problem for biometric cryptosystem is thatthe feature vectors used during encryption may not exactly match thatobtained at the time of decryption. As such, the naive approach ofdirectly using the biometric feature vector as the key for encryptiondoes not work. To cope with the variability in biometrics, the presentinvention utilizes, for example, an approach based on the sophisticationof the biometric matching algorithms.

The approach focuses on distance-based matching algorithms—i.e. twobiometric vectors x and y are considered to be a match if a distancefunction d(x,y), typically L1 or L2, on the two vectors result in asmall value. Specifically, d(x,y)≦ε, where ε is a pre-defined similaritythreshold.

The aforementioned LBP feature vector together with the L1 distance isan example of such a matching algorithm. The approach involves thefollowing steps:

-   -   1. Transform the biometric vectors x and y into unary encoding        U(x) and U(y). Unary encoding is the transformation of the        integer value xi at each dimension i into a binary        representation with xi consecutive ones followed by zeros. For        example, if xi=3 and the maximum value of the dimension is 9,        then the unary representation is as follows:        -   U(xi):=111 000 000    -   For real-value vectors, all values need to be quantized and        shifted to non-negative values. The significance of this step is        that L1 distance d(x,y) is preserved in this process,        -   i.e. d(x,y)=dH(U(x),U(y))    -   where dH(U(x),U(y)) is the hamming distance. For L2 distance,        the distance is not exactly preserved. However, the distortion        is bounded and can be reduced with additional transformations;    -   2. Encrypt the secret message m, which could be a randomly        generated encryption key for messaging, based on the following        process:        -   Enc(m; x):=ECC(m) XOR U(x)    -   The function ECC(m) represents an error correction coding that        can correct up ε bits of error. In other words, any ε or fewer        random bit flips in ECC(m) does not affect the decoding process.        There are many robust, high-performance ECC implementations        including Turbo Code or Reed-Solomon Code that can be used for        this process. The XOR with the feature vector acts as a one-time        pad, making decryption impossible without some knowledge of the        biometric feature vector x; and    -   3. To decrypt the cipher-text, the receiver will use the        following process:        -   m′:=ECC−1(Enc(m;x) XOR U(y))

It is easy to see why decryption works correctly. The XOR undoes theencryption with U(x) up to ε bits, provided that x and y are a match,which are then corrected by the inverse ECC process. The decryption hasa very low computational complexity, which is ideal for mobileplatforms.

Another objective of our present invention is to create an instant dataexchange mobile App, which runs on multiple platforms, e.g. Android,Apple or Windows. The initial mobile App will have many useful features.Some of these features are as follows:

-   -   1. User registration;    -   2. User authentication;    -   3. Adding new friends by user name;    -   4. Approving friends;    -   5. Messaging with friends in an approved list;    -   6. Support video, voice and photo messages;    -   7. Shows online and offline users;    -   8. Able to receive offline messages;    -   9. Push new message for notification, even when the App is not        active; and    -   10. Sign out of the App.

With the basic function of the instant mobile App created, the biometricdata encryption and decryption features are incorporated into this App.The resulting mobile App will have the following additional features:

-   -   1. User is required to provide his/her specified biometric        feature for authentication;    -   2. User has the option to enable data encryption for data        exchange on the user mobile device; and    -   3. Preventing unauthorized user from using the mobile device,        e.g. when the mobile device is lost or stolen.

If the option of data encryption is turned ON, the mobile App is bundledwith the registered user. The data is encrypted with the registereduser's biometric feature. For example, the mobile App will constantlycheck if the user is a registered user, using the built-in camera orother biometric detector on the device, e.g. using facialauthentication. If the facial authentication is successful, the App willrun normally. Otherwise, the App will not decrypt the data received, andthe screen will show the data as “ciphertext”.

Also, while the option of data encryption is ON, the data received onthe user mobile device during this period is encrypted, even after theuser has signed out of the application. No other unauthorized user canaccess the history on the remote server or stored in the mobile device.

If the authentication system does not have built-in liveness detectionmodule, it is susceptible to spoofing attack. For example, it is acommon way to use fake faces when the live biometric features used arefacial images. Other common ways are as follows:

-   -   1. Photograph of a valid user. This is the cheapest and easiest        spoofing approach, since it is very easy to obtain one's facial        image from the public, either from online or taking a photo of        the target user unknowingly;    -   2. Video of a valid user. Using video to spoof the camera is        also a big threat. Video of a valid user can be very similar to        live face, because it contains physiological characteristic,        such as eye blinking, head movement, which is lacking in a        photograph; and    -   3. 3D model of a valid user. A 3D face model will look realistic        in front of a camera because it contains 3D information of the        face. However, this approach lack of physiological        characteristic and it is not easily available as compared to the        previous two approaches.

To distinguish fake faces from live faces, the state-of-the-art methods,for example, can be classified into these categories:

-   -   1. Using depth information of the face. Reference is made to the        papers written by Choudhury T., Clarkson B., Jebara T., Pentland        A., “Multimodal person recognition using unconstrained audio and        video,” International Conference on Audio and Video-Based        Biometric Person Authentication (AVBPA'99), pp. 176-181,        Washington D.C., 1999. This method used the structure from        motion, yielding the depth information of the face to detect        live face or still image. The problem for this method is the        depth information is hard to estimate when the head is still,        and it is sensitive to noise and lighting condition;    -   2. Physiological characteristic. These methods use the non-rigid        deformation and appearance change as the feature of live faces,        such as facial expression variation, eye blinking Reference is        made to papers written by Pan G., Sun L., Wu Z., and Lao S.,        “Eyeblink-based Anti-Spoofing in Face Recognition from a Generic        Web Camera,” the 11th IEEE International Conference on Computer        Vision, Rio de Janeiro, October, 2007; and Kollreider K.,        Fronthaler H., and Bigun J., “Verifying Liveness by Multiple        Experts in Face Biometrics,” IEEE Computer Vision and Pattern        Recognition Workshops, Anchorage, 2008;    -   3. Human computer interaction. These are interactive approaches        require the user response to the system with an action.        Reference is made to papers written by Chetty G., and Wagner M.,        “Liveness Verification in Audio-Video Speaker Authentication,”        In 10th Australian Int. Conference on Speech Science and        Technology, December, 2004; and    -   4. Use additional hardware to detect fake faces vs. live faces,        such as multi-model approach with special lighting condition,        facial thermogram, and facial vein map. However, it is        understood that such approach will add additional complication        and cost to the mobile App and mobile device.

As mentioned above, depth information is hard to estimate and sensitiveto noise, using additional hardware is not practical, and video is oneway to attack the system that also present physiological characteristic.A simpler approach would be using human computer interaction forliveness detection in order to counter spoofing. The present inventionincludes modules for robust face tracking and head movement detection,which will be used to generate the human computer interaction request todetermine whether the user is a real person or just a fake face.

There are situations that the face authentication or face livenessdetection modules could fail, due to low quality images, illuminationvariation, occlusion, or other noises. In this situation, the App willprovide an alternative solution, using other biometric modalities fordata security protection, such as, voice recognition, since voicepattern can be conveniently collected by the mobile device. Such asystem would be particularity useful during voice chatting or sendingvoice messages. Adding a voice authentication module would provide theuser an option that only the voice of a valid user can be sent orconduct voice chatting, thus enabling user identity protection.

The present invention can be expanded to include biometric encryptionfor email services. Email is now the primary way for businessescommunication. Financial documents, medical records, bank accountsinformation, legal files and other personal and confidential electronicdata are regularly transmitted through emails. Using mobile device tosend and receive emails is also becoming people's daily errands.Securing this information from sender to recipient is the key to avoid adata breach. Also, another priority is to ensure that businesses meetgovernment regulations regarding the transmission of electronic data.

In addition, another objective of the present invention is to enable theApp to provide other mobile Apps in the mobile device with data andidentity protection. For example, mobile applications in the phone forstoring personal data, contacts, appointments, photos, audio-videofiles, social networking accounts, and banking activities, etc. usuallydo not have any protection. The present invention can be a primarycovered layer protection for such mobile Apps.

Referring to FIG. 1, it illustrates an example of a secured messagingcommunication system and process with biometric encryption anddecryption, when using a live facial image as the biometric feature, inaccordance with the present invention. When Bob wants to send Alice asecured message, he would select a desired biometric of Alice from hisdatabase 10. In this example, a face image is being used. This databasecould be a registered list of members who desire secured communication.Further, this database could be stored on Bob's PC, remote server, orany mobile devices. After Alice's face image has been selected, arequest is sent to a server for biometric authentication 13. If the faceimage is authenticated, a public key 14 will be generated and sent toBob's messaging device for encrypting the created message 11. Theencrypted message 12 will be sent to Alice's device.

Once Alice has received the encrypted message 15, she would have to takea real-time face image from the camera 16 of her device. This live faceimage will be sent to the server as a request for face image validation13. Only when this live face image is validated, a private key 19 willbe released to Alice for decrypting the message. Then the decryptedmessage 20 can be read by Alice after decryption. For added security, aliveness detection 17 could be included in Alice's device to ensure theimage from the camera is a live image 18. The live detection coulddetect a live biometric image continuously. If a live image isinterrupted, the mobile device cannot decrypt the ciphertext even thoughthe text was previously decrypted.

There are a variety of ways to generate private and public keys (14 and19) for use with the present invention. For example:

-   -   1) Unique pair of private and public keys for Alice.

This is probably the most efficient method since Alice can obtain herprivate key one time and can use it forever. Bob needs to get the publickey for the first email to Alice and can also reuse it forever; and

2) Unique pair of private and public keys for communication betweenAlice and Bob.

-   -   Under this method, different sender (e.g. Bob) will need to        obtain different public key each time. This method is possibly        useful for authentication of sender. Dynamically changing pair        of private and public keys (with an expiration time stamp). This        method is more secure because the private and public keys are        only valid for a short period of time. The time period could be        as short as per message basis. So, even if Alice loses the phone        and the phone's secure storage is hacked into, the private key        will still be useless.

Referring to FIG. 2, it is an illustration of a mobile messageencryption application using facial image as a biometric feature.Reference 30 refers to the sender creating a message with a mobiledevice. Reference 31 refers to the message being encrypted and a publickey generated with a validated facial image. Reference 32 refers to theencrypted message being converted to “ciphertext” after encryption.Reference 33 refers to the recipient receiving the message. Reference 34refers to the recipient decrypting the message using his/her validatedfacial image together with a private key generated.

FIG. 3 illustrates face detection and tracking system using a mobileDevice. The rectangle marked on the face image indicates the detectionresults of each organ on the face: left eye, right eye, nose and mouth.The line marked on the face images are the measurements used todetermine the head movement and position. The circle on the left cornerindicates the computational result of the face orientation. The headposition estimation results in this example are: center (first image),left (second image), and upward (third image).

Multiple variations and modifications are possible in the embodiments ofthe present invention described above. Any type of biometric featureapplicable of configuring a Private Key and/or a Public Key forbiometric encryption, and any appropriate scheme described above aresuitable for the authentication purpose discussed in the presentinvention.

Although certain illustrative embodiments of the invention have beenshown and described here, a wide range of modifications, changes, andsubstitutions is contemplated in the foregoing disclosure. While theabove description contains many specifics, these should not be construedas limitations on the scope of the invention, but rather asexemplifications of one or another preferred embodiment thereof. In someinstances, some features of the present invention may be employedwithout a corresponding use of the other features. Accordingly, it isappropriate that the foregoing description be construed broadly andunderstood as being given by way of illustration and example only, thespirit and scope of the invention being limited only by the appendedclaims.

What we claim:
 1. A method for accessing encrypted and decrypted datasent between a sender mobile device with a mobile App to a user mobiledevice with the mobile App, wherein the sender mobile App selecting adesired user biometric data from a storage of the sender mobile device;sending the desired user biometric data to a biometric detector forvalidation, and a request for a public key; creating the encrypted datain the sender mobile device with the public key received if thevalidation is successful; sending the encrypted data with the public keyto the user mobile device; the user mobile App generating a livebiometric data using a biometric sensor of the user mobile device whenthe encrypted data is received; sending the live biometric data to thebiometric sensor for validation, and a request for a private key;denying the request for a private key by the biometric sensor if thevalidation of the live biometric data has failed; receiving the privatekey by the user mobile device if the validation is successful; anddecrypting the encrypted data with the private key received, and thepublic key received from the sender.
 2. The method of claim 1, whereinthe desired user biometric data and the live biometric data are facialimages; and the biometric detector and the biometric sensor are built-indevices on the sender mobile device and user mobile device,respectively.
 3. The method of claim 2, wherein both the sender mobiledevice and the user mobile device include biometric liveness detectorconnected to the built-in biometric detector and the built-in biometricsensor, respectively.
 4. The method of claim 3, further comprising:using a biometric liveness detection scheme to detect spoofing forpreventing unauthorized access; and stopping the decrypting process ifthe unauthorized access is detected.
 5. The method of claim 4, whereinthe biometric detector and biometric sensor comprises: a built-in camerafor sending live facial images to the biometric detector and biometricsensor for authentication.
 6. The method of claim 4, wherein the facialbiometric liveness detection scheme utilizes facial features provided ona mobile platform for data encryption and decryption.
 7. The method ofclaim 6, wherein the facial features further comprising: other selectedbiometric features on the face.
 8. The method of claim 6, furthercomprising: tracking the facial features on two consecutive frames of avideo stream; tracking a position of a facial image on a previous frame;tracking a position of the facial image on a consecutive current frame;measuring a distance of corresponding pixels of the two consecutiveframes; matching the positions between the consecutive current frame andthe previous frame; and generating an authenticated facial livenessimage.
 9. The method of claim 1, further comprising: converting theencrypted data into a secured data in a secure data exchange section ofthe sender mobile App.
 10. The method of claim 9, wherein the encrypteddata is an email message or a text message.
 11. The method of claim 8,wherein the authenticated facial liveness image is utilized tofacilitate the biometric liveness detection section.
 12. The method ofclaim 6, further comprising: tracking the facial features utilizing atemplate matching scheme.
 13. The method of claim 8, further comprising:granting a valid user further permission to access contacts and otherselected functions or applications in the mobile device.
 14. A systemfor encrypting and decrypting data between a sender mobile device and auser mobile device, comprising: a biometric data validator, a public keygenerator, and a private key generator; the sender mobile deviceincludes a mobile App, a user biometric data storage, an encryption datagenerator, a built-in camera, a live biometric detector, and a dataexchange generator; the user mobile device includes a mobile App, abuilt-in camera, a live biometric sensor, a data access grantingsection, and a decryption generator.
 15. The system of claim 14, whereinthe public key generator is in the sender mobile device generating thepublic key when the stored biometric data of the user is authenticated;and the encryption data generator generates encrypted data when thepublic key was received.
 16. The system of claim 15, wherein the dataexchange generator sends the encrypted data and the received public keyto the user mobile device.
 17. The system of claim 16, wherein thebuilt-in camera of the user mobile device sends a live biometric featureto the live biometric detector for authentication, and a request for aprivate key when the decrypted data and the public key are received fromthe sender mobile device.
 18. The system of claim 17, wherein the mobileApp of the user mobile device decrypts the encrypted data with theprivate key received after the live biometric feature has beenvalidated, and the received public key.
 19. The system of claim 18,wherein the data access granting section gives the user furtherpermission to access contacts and other selected functions orapplications in the mobile device.
 20. The system of claim 14, whereinthe image liveness detector utilizes a Local Binary Pattern (LBP) methodfor the live facial image validation.